[ https://issues.apache.org/jira/browse/LIVY-894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17635095#comment-17635095 ]
bharath kumar commented on LIVY-894: ------------------------------------ [~lmccay] Thanks for looking in to this,this might be a security issue if we don't fix it. * Livy is now being integrated with many components , if we can have this fix available , i believe we would be in a better position in terms of security. * Enterprise solutions might have LDAP authentication with livy, if credentials are exchanged over wire without encryption, it's going to be a security incident. I am moving this 0.8.0, hope above justifications are good enough. Thanks again. > Add secure authentication for livy when ldap is configured for authentication > ----------------------------------------------------------------------------- > > Key: LIVY-894 > URL: https://issues.apache.org/jira/browse/LIVY-894 > Project: Livy > Issue Type: New Feature > Components: API > Affects Versions: 0.7.0 > Reporter: bharath kumar > Priority: Critical > Fix For: 0.9.0 > > > Hello, > As i understand , livy authentication with ldap is not secured. Since > authentication is BASIC and tls is disabled, livy would be susceptible to > man-in-the-middle attacks. Can you please look in to this and provide a > secure authentication mechanism for livy with ldap integration. > Thanks > Bharath -- This message was sent by Atlassian Jira (v8.20.10#820010)